Encryption Algorithm

Choice of Algorithms  
 
Secure IT offers a choice of two of the best encryption algorithms available. You can choose between Blowfish at 448 bits or AES (the new official US Standard) at 256 bits.  
 
Blowfish  
 
Secure IT uses a 448-bit implementation of the Blowfish algorithm in Cipher Block Chaining (CBC) mode. This ensures that data encrypted using Secure IT is impermeable to all known forms of attack. Statistically, it would be impossible to successfully brute-force crack Secure IT's encryption.  
 
Blowfish was designed by Bruce Schneier. It is a block cipher with 64-bit block size and variable length keys (up to 448 bits). Designed in 1993, it has been analyzed considerably and has been proven to be resistant against many attacks such as differential and linear cryptanalysis.  
 
AES (Advanced Encryption Standard)  
 
Secure IT also gives the option of using either Blowfish or the new standard, the AES (or Rijndael) symmetric encryption algorithm. Effective May 26, 2002, AES is the official U.S. Government standard. It replaces the previous standard (DES).  
 
The new AES meets the following criteria:  
      - Resistance against all known attacks;  
      - Speed and code compactness on a wide range of platforms;  
      - Design simplicity.  
 
The US National Institute of Standards and Technology (NIST) recommends that AES be used by U.S. Government organizations (and others) to protect sensitive information.  
 
How Secure is the AES  
AES is an iterated block cipher with a variable block length and a variable key length. There are 3.4 x 10^38 possible 128-bit AES keys; in comparison, DES keys are 56 bits long, which means there are approximately 7.2 x 10^16 possible DES keys. Thus, there are of the order of 10^21 times more AES 128-bit keys than DES 56-bit keys. In the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key within a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message. The chances that someone could use the "DES Cracker" like hardware to crack an AES key are close to zero. Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
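
The key-search estimate above, worked through as an added example (not part of Secure IT or its documentation). It runs an exhaustive search against a tiny constructed cipher to show that the average search covers half the keyspace, then applies the text's assumed rate of 2^55 keys per second to the key sizes named on this page. The toy_encrypt cipher and all function names are assumptions made for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PAGE_RATE = 2 ** 55  # keys per second, the machine the text assumes

def toy_encrypt(key: int, block: bytes) -> bytes:
    """Constructed stand-in cipher (not Blowfish or AES): XOR one
    8-byte block with a pad derived from the key."""
    pad = hashlib.sha256(key.to_bytes(8, "big")).digest()[:8]
    return bytes(a ^ b for a, b in zip(block, pad))

def exhaustive_search(key_bits: int, plaintext: bytes, ciphertext: bytes):
    """Known-plaintext key search: return (key, number of keys tried)."""
    for trials, candidate in enumerate(range(2 ** key_bits), start=1):
        if toy_encrypt(candidate, plaintext) == ciphertext:
            return candidate, trials
    raise ValueError("key not in searched range")

def mean_trials(key_bits: int, plaintext: bytes = b"8 bytes!") -> float:
    """Average work over every possible key of a small keyspace."""
    total = 0
    for key in range(2 ** key_bits):
        ciphertext = toy_encrypt(key, plaintext)
        _, trials = exhaustive_search(key_bits, plaintext, ciphertext)
        total += trials
    return total / 2 ** key_bits

def expected_years(key_bits: int, keys_per_second: int = PAGE_RATE) -> float:
    """Expected search time: half the keyspace at the given rate."""
    return 2 ** (key_bits - 1) / keys_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    # About half of the 256 keys are tried on average.
    print("mean trials, 8-bit key:", mean_trials(8))
    for name, bits in [("DES", 56), ("AES", 128), ("AES", 256), ("Blowfish", 448)]:
        print(f"{name}-{bits}: {expected_years(bits):.3e} years")
```

The 149 trillion year figure is the expected time, which covers half of the 128-bit keyspace; a search of the whole keyspace at the same rate would take twice as long.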